Quantum Key Distribution
Quantum key distribution (QKD) involves establishing a key between a sender (“Alice”) and a receiver (“Bob”) by sending “qubits” (i.e., weak optical pulses having less than one photon, on average) over a “quantum channel.” The security of the key distribution is based on the quantum mechanical principle that any measurement of a quantum system in unknown state will modify its state. As a consequence, an eavesdropper (“Eve”) that attempts to intercept or otherwise measure the qubits will introduce errors and reveal her presence. Once a key is successfully established between Bob and Alice, they can communicate over a public channel by using the exchanged key to encrypt their messages using perfectly secure one-time pad encryption or some other symmetric key encryption algorithm. In present-day QKD technology, keys of a suitable length (e.g., 256 bits) can be generated at a rate of about 1-100 per second, depending on the separation between Alice and Bob (e.g., the length of the optical fiber length connecting the two).
The general principles of quantum cryptography were first set forth by Bennett and Brassard in their article “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the International Conference on Computers, Systems and Signal Processing, Bangalore, India, 1984, pp. 175-179 (IEEE, New York, 1984). Specific QKD systems are described in U.S. Pat. No. 5,307,410 to Bennett, which is incorporated herein by reference, and in the article by C. H. Bennett entitled “Quantum Cryptography Using Any Two Non-Orthogonal States”, Phys. Rev. Lett. 68 3121 (1992), which is also incorporated herein by reference. The general process for performing QKD is described in the book by Bouwmeester et al., “The Physics of Quantum Information,” Springer-Verlag 2001, in Section 2.3, pages 27-33, which is incorporated by reference herein as background information.
IPSec
The acronym “IPSec” is a contraction of the phrase “Internet Protocol (IP) Security.” IPSec is a set of protocols developed by the Internet Engineering Task Force (IETF), the main Internet standards organization. The protocols are designed to support the secure exchange of information over the Internet—more specifically, the exchange of packets at the IP layer. IPSec is the most popular method of implementing secure data communication channels over the Internet, and is used widely to provide security for the operation of virtual private networks (VPNs).
The basics of IPSec are described in the publication by Stephen Kent and Randall Atkinson, entitled, “Security Architecture for the Internet Protocol,” RFC 2401, published by and available from The Internet Engineering Task Force (IETF), 1998, which publication is incorporated by reference herein.
When sending information over the Internet, the information is broken up into “packets,” which allows for efficient management of Internet traffic. The packets travel separately over the Internet towards a receiving device at a designated address. The packets are then reassembled so that they have their original order at the receiver.
Sensitive information sent over the Internet can be encrypted via IPSec to maintain the secrecy of the information. IPsec supports “Transport” and “Tunnel” encryption modes. The Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The Tunnel mode encrypts both the header and the payload and is thus more secure. On the receiving side, an IPSec-compliant device decrypts each packet according to the particular encryption mode.
There are two main IPSec protocols—Authentication Header (AH) and Encapsulating Security Payload (ESP). The AH protocol is mainly used for data authentication purposes, while the ESP protocol provides authentication and data confidentiality. The AH and ESP protocols can protect either an entire IP payload (Tunnel mode) or the upper-layer protocols of an IP payload (Transport mode).
The operation of IPSec requires the transmitter and receiver in the network to share a set of secret keys. This is accomplished through a protocol known as the “Internet Key Exchange” or IKE, which is described in the publication by D. Harkins and D. Carrel, entitled, “The Internet Key Exchange (IKE),” RFC 2409, published by and available from The Internet Engineering Task Force (IETF), 1998. This protocol allows the sender and receiver to obtain a set of public keys and to identify (“authenticate”) each other via digital certificates. IPSec protocol uses the keys to create the Security Associations (SA). A maximum of two decryption SAs are supported at a time in standard IPSec implementation.
Standard implementation of IPSec imposes inherent limitations on how frequently the keys can be changed. This is a central problem when attempting combine QKD and IPSec to increase security. As mentioned above, QKD is capable of providing many keys per second (e.g., 100 keys/second or even more), while IPSec's fastest key change rate is around once per second. To make use of the QKD-generated keys for IPSec, one would want to be able change them as fast as possible.
Also, IKE is used to provide keys for IPSec, and QKD is not a part of IKE. Accordingly, there is presently no way to incorporate QKD-generated keys into the IKE process so that QKD-generated keys can be used in IPSec.